curl-library
Re: darwinssl support
Date: Mon, 23 Jul 2012 15:32:33 -0600
On Jul 23, 2012, at 2:38 PM, Jonas Schnelli wrote:
> How's the testing on darwinssl support for curl?
I've been testing the easy interface, and it works quite well. The only thing I have written but not tested is the NTLM crypto stuff - in theory it should work, but I don't have access to any Windows servers that use NTLM for authentication, so I can't test it myself.
> My tests (only https and only easy interface) did work very well.
>
> Could someone (Nick?) write pros and cons for darwinssl against openssl?
>
> My draft:
> pros
> + avoid openssl build on iOS and save ~1.2MB binary size
> + build against stable and Apple-maintained SSL library
+ No more certificate installations since SecureTransport uses the system/user keychain to evaluate the trust, which also makes installing custom certificates very easy
+ iOS doesn't ship with OpenSSL, so developers can now use libcurl and get SSL without requiring users to (1) jailbreak their devices or (2) restrict app sales to their home country due to crypto export laws if they statically linked in libcrypto
+ Although Mac OS X ships with OpenSSL, it is deprecated starting in Lion, so its days are numbered
+ iOS 5 & later users get TLS 1.1 and 1.2 support
> cons
> - no SFTP (libssh) support without openssl
- There's currently no way for apps to get a failed trust, so there isn't any way to present an untrusted certificate to the user in a GUI app. (With OpenSSL, this is possible by using the CURLOPT_SSL_CTX_FUNCTION feature and evaluating the trust manually using the Security framework.)
> and nick,... thanks for the highly appreciated work!
You're welcome.
Nick Zitzmann
<http://www.chronosnet.com/>
Received on 2012-07-23